Integrated security system having threat visualization and automated security device control
Abstract
Techniques are described for taking direct actions, such as selectively blocking or allowing traffic and applications, while monitoring events from a graphical representation of threats. As such, the administrator in an enterprise interacts with the graphical representation of threats rendered by the security management system to automatically invoke a policy/rule module of the security management system to configure and update security policies for the security devices deployed throughout the computer networks of the enterprise. An administrator may, for example, interact with the representation of threats rendered by the threat control module based on the data aggregated from the distributed security devices and, responsive to the interaction, the security management system may identify a relevant set of the security devices, automatically construct security policies having ordered rules within the policies for the identified set of security devices, and automatically communicate and install the policies in the identified set of security devices.
Claims (29)

1. A method, comprising:
receiving data on one or more threats;
displaying information on the one or more threats, wherein displaying information includes displaying one or more responses to the one or more threats;
selecting a response from the displayed one or more responses;
automatically generating configuration information for one or more security devices based on the selected response, wherein generating configuration information includes generating a security policy having automatically ordered rules for the one or more security devices and displaying the one or more security devices that will be affected by the security policy; and
deploying the configuration information to the one or more security devices.
Dependent claims: 2-22.

23. A security management system comprising:
one or more processors;
one or more computer-readable memories;
a threat data aggregator that executes on the one or more processors to aggregate data on one or more threats received from one or more security devices;
a threat control module that executes on the one or more processors, wherein the threat control module displays the one or more threats corresponding to the threat data aggregated by the threat data aggregator and configures one or more security policies of the one or more security devices based on the one or more threats displayed, wherein the threat control module further outputs, for display, one or more responses to the one or more threats;
a policy/rule module that executes on the one or more processors, wherein the policy/rule module automatically generates configuration information for the one or more security devices based on a selection of a response from the one or more responses, wherein the configuration information includes a security policy having automatically ordered rules for the one or more security devices; and
a policy deployment engine that executes on the one or more processors to send the configuration information to one or more of the one or more security devices, wherein the threat control module further outputs, for display, the one or more security devices that will be affected by the security policy.
Dependent claims: 24-29.
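To make the division of labour in claim 23 concrete, the following is an added Python model (not code from the patent or its assignee) of the policy/rule step: threat events aggregated from several devices, the responses offered for one of them, and the generation of a security policy whose new deny rule is automatically ordered ahead of a broad existing allow, together with the set of devices the policy will affect. All device names, addresses and rule fields are constructed placeholders.

```python
from ipaddress import ip_network

# Constructed sample events, as if collected by the threat data aggregator
# from two hypothetical firewalls (names and addresses are placeholders).
THREATS = [
    {"device": "fw-edge-1", "src": "203.0.113.7", "dst": "10.0.1.20", "app": "ssh"},
    {"device": "fw-dc-2", "src": "203.0.113.7", "dst": "10.0.2.5", "app": "ssh"},
    {"device": "fw-dc-2", "src": "198.51.100.9", "dst": "10.0.2.5", "app": "http"},
]

# Existing policy on the devices: a broad allow that a new block must precede.
EXISTING_RULES = [
    {"action": "allow", "src": "0.0.0.0/0", "dst": "10.0.0.0/8", "app": "any"},
]

# Responses the threat control module would display for a selected threat.
RESPONSES = ("block_source", "block_application")

def affected_devices(threats, threat, response):
    """Identify the devices that observed the matching traffic; these are the
    devices the policy must reach and that are shown to the administrator."""
    if response == "block_source":
        match = lambda t: t["src"] == threat["src"]
    else:
        match = lambda t: (t["dst"], t["app"]) == (threat["dst"], threat["app"])
    return sorted({t["device"] for t in threats if match(t)})

def response_rule(threat, response):
    """Translate the administrator's selected response into one firewall rule."""
    if response == "block_source":
        return {"action": "deny", "src": threat["src"] + "/32", "dst": "0.0.0.0/0", "app": "any"}
    if response == "block_application":
        return {"action": "deny", "src": "0.0.0.0/0", "dst": threat["dst"] + "/32", "app": threat["app"]}
    raise ValueError(f"unknown response {response!r}")

def order_rules(rules):
    """Automatic ordering: deny before allow, then most specific match first,
    so the generated block rule cannot be shadowed by an earlier broad allow."""
    def key(r):
        specificity = ip_network(r["src"]).prefixlen + ip_network(r["dst"]).prefixlen
        specificity += 0 if r["app"] == "any" else 1
        return (r["action"] != "deny", -specificity)
    return [dict(r, seq=i + 1) for i, r in enumerate(sorted(rules, key=key))]

def generate_policy(threats, threat, response, existing=EXISTING_RULES):
    """Build the configuration the policy deployment engine would push."""
    rules = order_rules(existing + [response_rule(threat, response)])
    return {"devices": affected_devices(threats, threat, response), "rules": rules}
```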
Specification